Blocking an IP address from accessing the Linux server

by Selva 2008-04-17 17:01:16

We can block an IP address from accessing the Linux server. This can be done by using APF
(for information about APF, please refer to the scrap 'Advanced Policy Firewall-APF' on hiox.org).
This scrap explains how to block a specific IP address from accessing your Linux server.


To block:
You can do this in two ways:
* The first is to use the apf command with the following syntax:
apf -d (or) --deny [IP address]
e.g.:
apf -d 198.168.0.12
* The second way is to manually edit the configuration file /etc/apf/deny_hosts.rules.
You can specify the IP address or domain name in this file.
For example, to deny the IP address 198.162.0.12 and the domain station1.XXXXX.com, you must specify the following in the /etc/apf/deny_hosts.rules file:
198.162.0.12
station1.XXXXX.com


To allow:
This can also be done in two ways:
* The first is to use the apf command with the following syntax:
apf -a (or) --allow [IP address]
e.g.:
apf -a 198.168.0.12
* The second way is to manually edit the configuration file /etc/apf/allow_hosts.rules.
You can specify the IP address or domain name in this file.
For example, to allow the IP address 198.162.0.12 and the domain station1.XXXXX.com, you must specify the following in the /etc/apf/allow_hosts.rules file:
198.162.0.12
station1.XXXXX.com

In this file, you can also specify which services are allowed to be accessed. The syntax for this is:

[tcp/udp] : [in/out] : [s=/d=]PORT : [s=/d=]IP

As an example, to allow the IP address 192.168.0.12 to access the port 22 service on the Linux server, you can specify the following:
tcp:in:d=22:s=192.168.0.12
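
The entry forms described above (a plain IP address or domain name, and the [tcp/udp]:[in/out]:[s=/d=]PORT:[s=/d=]IP rule) can be checked before a line is added to allow_hosts.rules or deny_hosts.rules, so that typos are caught before the file is saved. The Python code below is an added example, not part of APF or of the original scrap; the function names, the '#' comment handling, the IPv4-only address check, the hostname pattern and the sample lines are assumptions.

```python
import ipaddress
import re

HOSTNAME = re.compile(r"(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}")  # assumed hostname shape
PORT = re.compile(r"([sd])=(\d{1,5})")  # the page's [s=/d=]PORT form
FIELD = re.compile(r"([sd])=(\S+)")  # the page's [s=/d=]IP form

def parse_entry(line):
    """Parse one rules-file line; return None for blank or comment lines."""
    line = line.split("#", 1)[0].strip()  # assumption: '#' starts a comment
    if not line:
        return None
    fields = [f.strip() for f in line.split(":")]
    if len(fields) == 1:  # plain entry: an IPv4 address or a domain name
        try:
            return {"kind": "ip", "host": str(ipaddress.IPv4Address(fields[0]))}
        except ValueError:
            if HOSTNAME.fullmatch(fields[0]):
                return {"kind": "domain", "host": fields[0].lower()}
            raise ValueError(f"not an IPv4 address or domain name: {fields[0]!r}")
    if len(fields) != 4:
        raise ValueError(f"expected 1 or 4 fields, got {len(fields)}")
    proto, flow, port_f, ip_f = fields
    if proto not in ("tcp", "udp") or flow not in ("in", "out"):
        raise ValueError(f"need tcp|udp and in|out, got {proto!r} and {flow!r}")
    port_m, ip_m = PORT.fullmatch(port_f), FIELD.fullmatch(ip_f)
    if not port_m or not ip_m or not 1 <= int(port_m.group(2)) <= 65535:
        raise ValueError("want [s=/d=]PORT (1-65535) followed by [s=/d=]IP")
    return {"kind": "rule", "proto": proto, "flow": flow,  # bad IP raises ValueError
            "port_side": port_m.group(1), "port": int(port_m.group(2)),
            "ip_side": ip_m.group(1), "ip": str(ipaddress.IPv4Address(ip_m.group(2)))}

def lint(text):
    """Return (line_number, message) for every entry that fails to parse."""
    problems = []
    for number, line in enumerate(text.splitlines(), start=1):
        try:
            parse_entry(line)
        except ValueError as exc:
            problems.append((number, str(exc)))
    return problems

# Constructed sample file contents; lines 5-7 carry deliberate typos.
SAMPLE = "\n".join([
    "# allow list", "192.168.0.12", "station1.example.com",
    "tcp:in:d=22:s=192.168.0.12", "tcp:inn:d=22:s=192.168.0.12",
    "udp:in:d=70000:s=192.168.0.12", "tcp:in:d=22:s=192.168.0.256"])
if __name__ == "__main__":
    for number, message in lint(SAMPLE):
        print(f"line {number}: {message}")
```

Running it against the sample reports the misspelled direction, the out-of-range port and the invalid address, and accepts the other entries.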
